Cyber security predictions for 2024

The year 2023 saw heightened cybersecurity activity, with both security professionals and adversaries engaged in a constant cat-and-mouse game. Here are some cybersecurity predictions for 2024 to help security professionals. It is crucial to anticipate the key themes likely to dominate the cybersecurity space in 2024.

Cybersecurity is an ever-evolving process that can never be ‘complete’ in the exact sense. The cybersecurity field evolves constantly as technology advances, global events create uncertainty, and threat actors refine and improve their malicious tactics. It is expected that 2024 again emphasizes the critical need to strike a balance between cybersecurity and cyber resilience. Safeguarding mission-critical assets and developing the capacity to anticipate, withstand, recover from, and adapt to cyberattacks remain central to organizational cybersecurity strategies. While preparedness remains one of the most important facets of effective organizational cybersecurity, it can be difficult to plan for the year ahead with so many unknowns.

Five Cybersecurity Predictions for 2024
A Never-Ending Story: Compromised Credentials
Ransomware Attacks Continue to Wreak Havoc
Global Conflicts and Elections Lead to a Rise in Hacktivism
White House Cybersecurity Strategy Triggers Revival of Vulnerability Management
The Emergence of Next-Gen Security Awareness Programs

10 Global Cybersecurity Predictions for 2024
Election Security Making Headlines
A Two-Sided Approach to Artificial Intelligence
Widespread Adoption of Zero-Trust Architecture
Cities Integrating IoT into Critical Infrastructure
Increasing Cybersecurity Supply Chain Risks
Third Party Scrutiny Taking Priority for Compliance Officers
The Start of Significant Fines From Australian Regulators
Corporate Responsibility Shifting to Individuals
Organizational Transparency Surrounding Cybersecurity
Emergence of Incentivized Cybersecurity

Experts Talk: Predicting the Cybersecurity Landscape in 2024
Spiceworks News & Insights brings you expert insights on what to expect in cybersecurity in 2024.
By investing in AI governance tools and developing complimentary guardrails, companies can avoid what may end up being the biggest misconception in 2024: the assumption that you can control the adoption of AI.
“In 2024, we can expect a surge in malicious AI-generated content.”
“Organizations’ inability to identify the lineage of AI will lead to an increase in software supply chain attacks in 2024,”
The integration of AI into the development process, particularly in the CI/CD pipeline, is crucial.
“Cyberattacks overall are expected to increase; ransomware groups are targeting vendors, government agencies, and critical infrastructure in the United States.”
How can AI help threat actors: “With the assistance of AI, particularly generative AI (GenAI) technology, attackers will be able to refine their techniques, increasing their speed and effectiveness. GenAI will allow criminal cyber groups to quickly fabricate convincing phishing emails and messages to gain initial access into an organization.”
“If cyber leaders want to take on this responsibility (and burden), they will have to be reasonably informed of cyber risks faced by the organization and able to communicate those risks to investors,”
“Third-party risk management is no longer an experiment; it’s an expectation,”
“We will see breaches related to Kubernetes in high-profile companies,”

API Security Trends and Projections for 2024
1. The pervasiveness of API vulnerabilities – These vulnerabilities in AAA, if exploited, can lead to major security breaches.
2. Limitations of standard frameworks – While foundational, traditional frameworks like the OWASP API Security Top-10 have limitations in addressing the dynamic nature of API threats.
3. Leak protection – The report highlighted the critical need for enhanced API leak protection, especially considering significant breaches at companies like Netflix and VMware.
4. Rising threats and strategic recommendations – The Wallarm report identified injections as the most pressing API threat, underscoring their likelihood of significant damage.

Gartner’s 8 Cybersecurity Predictions for 2023-2025
By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships. Investors, especially venture capitalists, use cybersecurity risk as an important factor in evaluating opportunities.
1. By the end of 2023, modern data privacy laws will cover the personal information of 75% of the world’s population.
2. By 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90%.
3. By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), sourced from the same vendor.
4. By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.
5. The percentage of states that enact laws regulating ransomware payments, fines and negotiations will increase from less than 1% in 2021 to 30% by the end of 2025.
6. By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.
7. By 2025, 70% of CEOs will build a culture of corporate resilience to protect themselves from threats from cybercrime, severe weather events, social events, and political instability.
8. By 2025, cyber-attackers will be able to use operational technology environments as weapons successfully enough to cause human casualties.

Top 10 Cyber Security Trends And Predictions For 2024
Trend 1: Increased Focus on AI and Machine Learning in Cybersecurity
Trend 2: Growing Importance of IoT Security
Trend 3: Expansion of Remote Work and Cybersecurity Implications
Trend 4: The Rise of Quantum Computing and Its Impact on Cybersecurity
Trend 5: Evolution of Phishing Attacks
Trend 6: Enhanced Focus on Mobile Security
Trend 7: Zero Trust Security
Trend 8: Cybersecurity Skills Gap and Education
Trend 9: Blockchain and Cybersecurity
Trend 10: Cybersecurity Insurance Becoming Mainstream

6 Predictions About Cybersecurity Challenges In 2024
‘Uptick in Disruptive Hacktivism’
Election Interference
More Targeted Attacks
Fooling Users
Leveraging AI Tools
‘New Avenues For Cybercrime’

5 cybersecurity predictions for 2024
1. Advanced phishing
2. AI-powered scams
3. Increase in supply chain attacks
4. Deployment of malicious browser extensions
5. Changing demographics brings more threats

Top cybersecurity predictions of 2024
Adoption of passwordless authentication
Multi-Factor Authentication (MFA) will become a standard requirement for most online services and applications. Traditional methods like SMS-based MFA will decline in favor of more secure options, such as time-based one-time passwords (TOTP) generated by authenticator apps.
Both enterprises and consumers are increasingly adopting passwordless solutions across various sectors. Transitioning to a passwordless mindset may appear unconventional, as it requires users to change their habits. However, the enhanced security and the seamless experience it offers reduce the learning curve, making the transition more user-friendly.
Cybersecurity will be a higher priority for law firms
For nearly any law firm, part of the ‘big picture’ approach to cybersecurity includes an ability to scale detection and response capabilities.
Artificial intelligence and large language models
Phishing and BEC attacks are becoming more sophisticated because attackers are using personal information pulled from the Dark Web (stolen financial information, social security numbers, addresses, etc.), LinkedIn and other internet sources to create targeted personal profiles that are highly detailed and convincing. They also use trusted services such as or Gmail for greater credibility and legitimacy.
We should also expect the rise of 3D attacks, meaning not just text but also voice and video. This will be the new frontier of phishing. We are already seeing highly realistic deep fakes or video impersonations of celebrities and executive leadership.
I expect to see a major breach of an AI company’s training data exposing the dark side of large language models (LLM) and the personal data they hold that were scraped from open sources.
One of the big trends we expect to see in 2024 is a surge in use of generative AI to make phishing lures much harder to detect, leading to more endpoint compromise. Attackers will be able to automate the drafting of emails in minority languages, scrape information from public sites — such as LinkedIn — to pull information on targets and create highly-personalized social engineering attacks en masse.
Simultaneously, we will see a rise in ‘AI PC’s’, which will revolutionize how people interact with their endpoint devices. With advanced compute power, AI PCs will enable the use of “local Large Language Models (LLMs)”
With the increase in regulatory and security requirements, GRC data volumes continue to grow at what will eventually be an unmanageable rate. Because of this, AI and ML will increasingly be used to identify real-time trends, automate compliance processes, and predict risks.
Prioritize training
Insider threats are a leading problem for IT/security teams — many attacks stem from internal stakeholders stealing and/or exploiting sensitive data, which succeed because they use accepted services to do so. In 2024, IT leaders will need to help teams understand their responsibilities and how they can prevent credential and data exploitation.
On the developer side, management will need to assess their identity management strategies to secure credentials from theft, either from a code repository hosted publicly or within internal applications and systems that have those credentials coded in. On the other hand, end users need to understand how to protect themselves from common targeted methods of attack, such as business email compromise, social engineering and phishing attacks.
Security teams need to prioritize collaboration with other departments within their organization to make internal security training more effective and impactful.

Humans Are Notoriously Bad at Assessing Risk
We as humans, with our emotions, can sometimes be irrational and subjective. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.

Threat Intel: To Share or Not to Share is Not the Question
To share or not to share isn’t the question. It’s how to share, what to share, where and with whom. The sooner we arrive at answers, the safer we’ll be collectively and individually.

Addressing the State of AI’s Impact on Cyber Disinformation/Misinformation
The recent rapid rise of artificial intelligence continues to be a game-changer in many positive ways. Yet, within this revolution, a shadow looms. By embracing a strategy that combines technological advancements with critical thinking skills, collaboration, and a culture of continuous learning, organizations can safeguard against AI’s disruptive effects.


  1. Tomi Engdahl says:

    Pornon katseluun tulossa suuri muutos

    Porn viewers in EU may have to prove their age

    Three of the world’s biggest pornography sites have been told their users in the European Union may have to use age verification technology.

    Pornhub, Xvideos and Stripchat face stricter regulations because they have been assessed as having at least 45 million monthly users in EU countries.

    EU rules mean firms of that size have to take extra steps to protect children.

    It says that could mean the sites introducing age checking tech.

  2. Tomi Engdahl says:

    Ensi vuonna tekoäly varastaa datasi

    Tietoturvayritys Trend Micron kyberturvaraportti ennustaa, että tekoälypohjaiset hyökkäykset kiihtyvät vuonna 2024. Yhtiö varoittaa generatiivisen tekoälyn kasvavasta roolista verkkorikollisuuden maailmassa, ja kuinka siihen pohjautuvat työkalut vauhdittavat tulevaisuudessa käyttäjien manipulointia ja identiteettivarkauksia.

  3. Tomi Engdahl says:

    A quiet cybersecurity revolution is touching every corner of the economy as U.S., allies ‘pull all the levers’ to face new threats

    On Dec. 15, the Securities and Exchange Commission’s (SEC’s) expanded cybersecurity rules came into effect, requiring public companies to disclose incidents within four business days. That means headline-grabbing breaches–such as the one that affected all Okta customer support system users or the 23andMe hack that included the information of nearly 7 million customers–will have even greater consequences than whatever data was compromised. And the SEC rules are only the tip of the iceberg of changes to regulatory compliance.

    With little fanfare and largely unnoticed by the press, institutional investors, or anyone else, the federal government is quietly directing a seismic shift in the economy by mandating stringent cybersecurity compliance across all 16 critical infrastructure sectors.

  4. Tomi Engdahl says:

    Google Will Turn Off Cookies for 30 Million People on January 4
    Google’s cookie-killing “Privacy Sandbox” project is finally set to begin.

  5. Tomi Engdahl says:

    vallisuusdirektiivi NIS2.0 – Mikä se on ja miten sinun tulisi toimia?
    NIS2.0, uusi EU:n laajuinen kyberturvallisuusdirektiivi, on tulossa vuonna 2024. Tässä blogikirjoituksessa kerromme mikä se on, miksi ja miten sinun tulisi toimia ja mitkä ovat Microsoftin ratkaisut NIS2-vaatimusten noudattamiseen. Määräaika tulee vastaan 17. lokakuuta 2024.

  6. Tomi Engdahl says:

    Näin EU aikoo rajoittaa tekoälyn käyttämistä: muun muassa deepfake-kuville tiukat raamit ja leluja kielletään
    EU on päässyt merkittävään sopuun tekoälyn käytöstä. Poimimme asiantuntijoiden kanssa muutaman mielenkiintoisen seikan siitä, miten tekoäly vaikuttaa tulevaisuudessa elämäämme.

  7. Tomi Engdahl says:

    Increased Cyber Regulation in the Offing as Attacks Mount
    Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details.

  8. Tomi Engdahl says:

    Uskomaton tilanne: 240 000 000 tietokoneesta voi tulla kertarysäyksellä ongelmajätettä

    WINDOWS 10 -käyttöjärjestelmän ilmaisen tietoturvatuen päättyminen lokakuussa 2025 voi merkitä huomattavaa lisäystä jo valmiiksi hankalaan elektroniikkajätteen ongelmaan.

    Yritysten pc-markkinoita seuraavan Canalys-yhtiön mukaan jopa 240 miljoonaa tietokonetta uhkaa romuttaminen seuraavan kahden vuoden aikana, koska ne eivät ole yhteensopivia Windows 11 -käyttöjärjestelmän kanssa. Canalys arvioi tämän kattavan noin viidesosan kaikista Windows 10 -tietokoneista.

  9. Tomi Engdahl says:

    Fully homomorphic encryption could make data unhackable

    TRUST NO ONE. It’s not just a throwaway line from TV thrillers. It’s becoming the goal of computer security, and a technology that can make it a reality has arrived. Called fully homomorphic encryption, or FHE, it allows software to compute on encrypted data without ever decrypting it.

    The possibilities are enormous: huge leaps in medical research and patient care without exposing patient data, more effective tools against money laundering without regulators actually seeing anyone’s bank-account information, self-driving cars that can learn from each other without snitching on their drivers, analytics about your business without poking into your customer’s “business,” and much more.

    “I think this is the coolest technology of the last 20 years,” says Todd Austin, a hardware security expert at the University of Michigan, whose startup Agita Labs does a different form of secure computing in the Amazon and Microsoft clouds. “It breaks the cardinal rule of computer security—that everything is hackable—because you deny the programmer the ability to see the data.”

  10. Tomi Engdahl says:

    Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

  11. Tomi Engdahl says:

    Far AI Research Discovers Emerging Threats in GPT-4 APIs: A Deep Dive into Fine-Tuning, Function Calling, and Knowledge Retrieval Vulnerabilities

  12. Tomi Engdahl says:

    Webinar: Cyber Security Regulations Update 2023

    In this webinar, Antti Tolvanen from Etteplan presents the latest cyber security regulatory news affecting development and use of IoT devices and digital services.

  13. Tomi Engdahl7 says:

    Cyberattacks Seen as the Biggest Threat to Businesses in Finland
    The domesticity of network infrastructure is emphasized in organizations’ plans.

    According to a survey by telecom operator Telia, the perceived threat of cyber attacks has significantly increased in businesses and public administration compared to the previous year.

    In the survey, cyber attacks emerged among the most significant societal threats. According to Telia’s press release, 82 percent in public administration and 52 percent in businesses mentioned them as a threat.

    More than half of public administration representatives and almost a third of business representatives reported being subjected to data phishing or identity theft.

  14. Tomi Engdahl7 says:

    Social distancing in cyberspace

  15. Tomi says:

    Älylaitteiden heikko tietoturva sääntelyllä kuriin

    Kaupan hyllystä mukaan voi tarttua laite, jonka tietoturva on heikko. Tilanne muuttuu 1.8.2024, kun tietoturvavaatimusten vastaiset laitteet voidaan poistaa myynnistä. Tulevaa sääntelyä silmällä pitäen valmistajien, maahantuojien ja myyjien pitää varmistaa tuotteiden tietoturvataso heti.

    Kyberturvallisuuskeskuksen havaintojen mukaan nykylaitteiden tietoturvaa usein heikentävät oletuksena olevat heikot salasanat ja tietoja suojaavan salauksen puuttuminen. Merkittävä ongelma on myös puute ohjelmistopäivityksistä, joilla korjataan laitteesta valmistamisen jälkeen löydettyjä haavoittuvuuksia. Aina tuotteet eivät edes sisällä päivitysmekanismia, joka mahdollistaisi niiden toimittamisen. Valitettavan usein tarjottavat päivitykset myös loppuvat ennen laitteen käyttöiän päättymistä.

  16. Tomi Engdahl says:

    Uusi huijaus tunnistaa uhrinsa laitteen ja toimii sen mukaisesti – hyökkäykset +587 %
    Puhelimet tarjoavat nopean tavan päästä tiedon äärelle internetissä. Tähän keinoon liittyy kuitenkin vakava riski.

    QR-KOODIEN skannaaminen puhelimen kameralla on muodostunut yleiseksi tavaksi, jota moni käyttäjä ei edes ajattele kahdesti. Neliömäisten koodien avulla voi päästä nopeasti esimerkiksi verkkosivulle tai sovellusta asentamaan.
    Rikolliset ovat kuitenkin keksineet tapoja käyttää qr-koodeja hyökkäyksissään, ja tietoturvayhtiö Check Pointin mukaan iskut ovat viime aikoina kehittyneet.

  17. Tomi says:

    Why Are Cybersecurity Automation Projects Failing?
    The cybersecurity industry has taken limited action to reduce cybersecurity process friction, reduce mundane tasks and improve overall user experience.

  18. Tomi Engdahl says:

    Google now admits it tracks you in Chrome’s incognito mode following $5B settlement
    By Brady Snyder published January 17, 2024
    The clarified text in new incognito mode browsers confirmed what we all thought

  19. Tomi Engdahl says:

    Cyberattacks Seen as the Biggest Threat to Businesses in Finland
    The domesticity of network infrastructure is emphasized in organizations’ plans.

  20. Tomi says:

    OT Maintenance Is Primary Source of OT Security Incidents: Report
    A new ICS security report from TXOne Networks says many OT security incidents involved ransomware and vulnerability exploitation.

  21. Tomi says:

    Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities
    Google announces $1 million investment in improving Rust’s interoperability with legacy C++ codebases.

  22. Tomi Engdahl says:

    Pentagon now considers China’s 3D NAND maker YMTC a ‘military company’ — designation bars company from using US-designed chipmaking equipment
    By Anton Shilov published 5 days ago
    YMTC can no longer supply products to the U.S. military.

  23. Tomi Engdahl says:

    Tom Warren / The Verge:
    Microsoft and OpenAI say hackers are already using LLMs to refine and improve cyberattacks, including Russian, North Korean, Iranian, and Chinese-backed groups

    Microsoft and OpenAI say hackers are using ChatGPT to improve cyberattacks

    / A number of nation-backed groups are starting to use large language models to help with research, scripting, and phishing emails.

  24. Tomi Engdahl says:

    Ashley Belanger / Ars Technica:
    The European Court of Human Rights rules backdoors that weaken E2EE violate human rights law, after Russia began requiring Telegram to decrypt messages in 2017 — Cops have alternative means to access encrypted messages, court says. — The European Court of Human Rights (ECHR) …

    Backdoors that let cops decrypt messages violate human rights, EU court says
    Cops have alternative means to access encrypted messages, court says.

  25. Tomi Engdahl says:

    EU:n kyberturvallisuusdirektiivi NIS2.0 – Mikä se on ja miten sinun tulisi toimia?
    NIS2.0, uusi EU:n laajuinen kyberturvallisuusdirektiivi, on tulossa vuonna 2024. Tässä blogikirjoituksessa kerromme mikä se on, miksi ja miten sinun tulisi toimia ja mitkä ovat Microsoftin ratkaisut NIS2-vaatimusten noudattamiseen. Määräaika tulee vastaan 17. lokakuuta 2024.


Leave a Comment

Your email address will not be published. Required fields are marked *